<format>
  <regular-grammar>
    <head-re><![CDATA[^
(?<Date>\d{4}\-\d{2}\-\d{2}\ \d{2}\:\d{2}\:\d{2})\  # Date and time
(?<ClientIP> # Client IP
  (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) # v4
 |([\d\:a-f\.]+\%\d+) # or v6
)\ 
(?<ClientPort>\d+)\ # The port number of the client
(?<ServerIP> # Server IP
  (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) #v4 
 |([\d\:a-f\.]+\%\d+) #or v6
)\ 
(?<ServerPort>\d+)\ # The port number of the server
(?<ProtocolVersion>.*?|\-)\  # Protocol version. Usually HTTP/?.?
(?<Verb>\w{0,255}|\-)\  # verb
(?<Url>.*|\-)\  # The URL and its query, if both exist
(?<Status>\d{0,3}|\-)\  # The protocol status of the response for the request, if it is available
(?<SiteID>\d*|\-)\  # The site ID, as a numeric value
(?<Reason>[\w\/]+)  # Reason phrase]]></head-re>
    <fields-config>
      <field name="Time"><![CDATA[TO_DATETIME(Date, "yyyy-MM-dd HH:mm:ss")]]></field>
      <field name="Severity"><![CDATA[Severity.Error]]></field>
      <field name="Body"><![CDATA[FORMAT("Client: {0}:{1}, Server: {2}:{3}, Protocol: {4}, Verb: {5}, URL: {6}, Status: {7}, SideID: {8}, Reason: {9}", ClientIP, ClientPort, ServerIP, ServerPort, ProtocolVersion, Verb, Url, Status, SiteID, Reason)]]></field>
    </fields-config>
    <patterns />
    <encoding>ACP</encoding>
    <sample-log><![CDATA[#Software: Microsoft HTTP API 2.0
#Version: 1.0
#Date: 2012-02-06 13:31:17
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2012-02-06 13:31:17 2001:4898:0:fff:0:5efe:10.164.167.30%0 54697 2001:4898:0:fff:0:5efe:10.85.220.4%0 80 - - - - - Timer_ConnectionIdle -
2012-02-06 13:31:17 2001:4898:0:fff:0:5efe:10.164.167.30%0 54699 2001:4898:0:fff:0:5efe:10.85.220.4%0 80 - - - - - Timer_ConnectionIdle -
2012-02-06 13:45:43 2001:4898:0:fff:0:5efe:10.164.167.30%0 54856 2001:4898:0:fff:0:5efe:10.85.220.4%0 80 - - - - - Timer_ConnectionIdle -
2012-02-06 13:51:58 2001:4898:0:fff:0:5efe:10.164.167.30%0 54863 2001:4898:0:fff:0:5efe:10.85.220.4%0 80 - - - - - Timer_ConnectionIdle -
2012-02-06 13:59:18 2001:4898:0:fff:0:5efe:10.164.167.30%0 54865 2001:4898:0:fff:0:5efe:10.85.220.4%0 80 - - - - - Timer_ConnectionIdle -
2012-02-06 14:11:23 2001:4898:0:fff:0:5efe:10.164.167.30%0 54875 2001:4898:0:fff:0:5efe:10.85.220.4%0 80 - - - - - Timer_ConnectionIdle -
#Software: Microsoft HTTP API 2.0
#Version: 1.0
#Date: 2012-02-29 12:48:58
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2012-02-29 12:48:58 10.36.206.59 50228 10.85.220.5 80 HTTP/1.0 GET / 404 - NotFound -
2012-02-29 12:49:34 10.36.206.59 50330 10.85.220.5 80 HTTP/1.1 GET / 404 - NotFound -
2012-02-29 12:49:50 10.36.206.59 50422 10.85.220.5 80 HTTP/1.1 GET / 404 - NotFound -
]]></sample-log>
  </regular-grammar>
  <id company="Microsoft" name="HTTPERR" />
  <description>HTTP Error log files created by the Http.sys driver. </description>
</format>